Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

YouTube Hack Hits Bieber Fans

A cross-site scripting vulnerability in YouTube was used by attackers over the weekend to target fans of singer Justin Bieber. Using the vulnerability, attackers were able to embed HTML code on pages devoted to the pop star.

Using the vulnerability, the attackers were able to insert HTML code into YouTube pages devoted to Bieber and greet fans with redirects to adult content as well as a numerous pop-up messages, including one claiming the 16-year-old star had been killed in a car accident. The attackers placed the code in the comment section of the pages, prompting Google to temporarily hide comments Sunday by default.

Other pages unrelated to Bieber were reportedly targeted as well.

According to Google, a fix for the issue was rolled out about 2 hours after it was discovered.

Further reading

"We're continuing to study the vulnerability to help prevent similar issues in the future," a Google spokesperson told eWEEK.

The vulnerability allowed the attackers to bypass the filter normally used to police YouTube comments.

"Clearly YouTube is a big target, as it has so many millions of visitors every day, and you would hope that their Web team will investigate what went wrong with their processes, and explore if they are reviewing code properly before it is made live to ensure that loopholes aren't left in their code in future," noted Graham Cluley, senior technology consultant at Sophos.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.